electron/shell/browser/ui/certificate_trust_win.cc

90 lines
2.8 KiB
C++
Raw Normal View History

2017-04-29 09:29:07 +00:00
// Copyright (c) 2017 GitHub, Inc.
2017-04-06 01:01:58 +00:00
// Use of this source code is governed by the MIT license that can be
// found in the LICENSE file.
#include "shell/browser/ui/certificate_trust.h"
2017-04-06 01:01:58 +00:00
#include <windows.h> // windows.h must be included first
#include <wincrypt.h>
2017-04-06 01:01:58 +00:00
#include "net/cert/cert_database.h"
#include "net/cert/x509_util_win.h"
#include "shell/browser/javascript_environment.h"
chore: more iwyu (#43063) * chore: iwyu shell/browser/electron_pdf_document_helper_client.h * chore: iwyu shell/browser/hid/electron_hid_delegate.h * chore: iwyu content/public/browser/web_contents.h * chore: iwyu shell/browser/usb/electron_usb_delegate.h * chore: iwyu shell/browser/browser_observer.h * chore: iwyu shell/browser/bluetooth/electron_bluetooth_delegate.h * chore: iwyu shell/browser/serial/electron_serial_delegate.h * chore: iwyu shell/browser/api/frame_subscriber.h * chore: iwyu mojo/public/cpp/bindings/ * chore: iwyu components/ * chore: iwyu extensions/ * chore: iwyu shell/common/gin_helper/ * chore: iwyu v8/ * chore: iwyu base/containers/linked_list.h * chore: iwyu shell/browser/native_window.h * chore: iwyu shell/browser/api/electron_api_base_window.h * chore: iwyu shell/common/node_includes.h * chore: iwyu gin/handle.h * chore: iwyu base/functional/callback.h * chore: iwyu ui/gfx/ * chore: iwyu content/public/browser/render_frame_host.h * fix: mac * fix: mac * fix: win * chore: iwyu base/files/file_path.h * chore: iwyu base/unguessable_token.h * chore: iwyu ui/display/screen.h * chore: iwyu chrome/browser/predictors/preconnect_manager.h * chore: iwyu base/observer_list_types.h * chore: iwyu content/public/browser/web_contents.h * chore: iwyu chrome/browser/devtools/devtools_eye_dropper.h * chore: iwyu shell/browser/ui/inspectable_web_contents.h * chore: iwyu content/public/browser/keyboard_event_processing_result.h * chore: iwyu net/cookies/canonical_cookie.h * chore: iwyu net/base/address_list.h * chore: iwyu net/cert/x509_certificate.h * chore: iwyu net/cookies/cookie_change_dispatcher.h * chore: iwyu net/dns/public/host_resolver_results.h * fix: mac * Revert "chore: iwyu net/cert/x509_certificate.h" This reverts commit 002896f71146e90f1e29e090a1d6eede48cee11e.
2024-07-29 17:42:57 +00:00
#include "shell/common/gin_helper/promise.h"
2017-04-21 02:47:11 +00:00
2017-04-06 01:01:58 +00:00
namespace certificate_trust {
2017-04-27 05:01:55 +00:00
// Add the provided certificate to the Trusted Root Certificate Authorities
// store for the current user.
//
2017-04-27 05:01:55 +00:00
// This requires prompting the user to confirm they trust the certificate.
2017-04-29 09:28:42 +00:00
BOOL AddToTrustedRootStore(const PCCERT_CONTEXT cert_context,
const scoped_refptr<net::X509Certificate>& cert) {
auto* root_cert_store = CertOpenStore(
CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
2017-04-24 01:49:55 +00:00
if (root_cert_store == nullptr) {
2017-04-27 05:01:55 +00:00
return false;
}
2017-04-24 01:49:55 +00:00
auto result = CertAddCertificateContextToStore(
root_cert_store, cert_context, CERT_STORE_ADD_REPLACE_EXISTING, nullptr);
if (result) {
// force Chromium to reload it's database for this certificate
auto* cert_db = net::CertDatabase::GetInstance();
cert_db->NotifyObserversTrustStoreChanged();
2017-04-27 05:01:55 +00:00
}
2017-04-29 09:28:42 +00:00
CertCloseStore(root_cert_store, CERT_CLOSE_STORE_FORCE_FLAG);
2017-04-27 05:01:55 +00:00
return result;
}
CERT_CHAIN_PARA GetCertificateChainParameters() {
2017-04-29 09:28:42 +00:00
CERT_ENHKEY_USAGE enhkey_usage;
enhkey_usage.cUsageIdentifier = 0;
enhkey_usage.rgpszUsageIdentifier = nullptr;
2017-04-29 09:28:42 +00:00
CERT_USAGE_MATCH cert_usage;
2017-04-27 05:01:55 +00:00
// ensure the rules are applied to the entire chain
2017-04-29 09:28:42 +00:00
cert_usage.dwType = USAGE_MATCH_TYPE_AND;
cert_usage.Usage = enhkey_usage;
2018-04-18 01:55:30 +00:00
CERT_CHAIN_PARA params = {sizeof(CERT_CHAIN_PARA)};
2017-04-29 09:28:42 +00:00
params.RequestedUsage = cert_usage;
2017-04-27 05:01:55 +00:00
return params;
}
v8::Local<v8::Promise> ShowCertificateTrust(
electron::NativeWindow* parent_window,
const scoped_refptr<net::X509Certificate>& cert,
const std::string& message) {
v8::Isolate* isolate = electron::JavascriptEnvironment::GetIsolate();
gin_helper::Promise<void> promise(isolate);
v8::Local<v8::Promise> handle = promise.GetHandle();
2017-04-27 05:01:55 +00:00
PCCERT_CHAIN_CONTEXT chain_context;
auto cert_context = net::x509_util::CreateCertContextWithChain(cert.get());
2017-04-27 05:01:55 +00:00
auto params = GetCertificateChainParameters();
if (CertGetCertificateChain(nullptr, cert_context.get(), nullptr, nullptr,
&params, 0, nullptr, &chain_context)) {
2017-04-29 09:28:42 +00:00
auto error_status = chain_context->TrustStatus.dwErrorStatus;
2017-05-03 23:22:56 +00:00
if (error_status == CERT_TRUST_IS_SELF_SIGNED ||
error_status == CERT_TRUST_IS_UNTRUSTED_ROOT) {
// these are the only scenarios we're interested in supporting
AddToTrustedRootStore(cert_context.get(), cert);
}
2017-04-29 09:28:42 +00:00
CertFreeCertificateChain(chain_context);
2017-04-27 05:01:55 +00:00
}
promise.Resolve();
return handle;
2017-04-06 01:09:58 +00:00
}
2017-04-06 01:01:58 +00:00
} // namespace certificate_trust